Ubuntu 22.04
Ubuntu 22.04 LTS must require users to reauthenticate for privilege escalation or when changing roles
STIG ID:
UBTU-22-432010
|
SRG:
SRG-OS-000373-GPOS-00156
|
Severity:
Medium
|
CCI:
CCI-004895,CCI-002038
|
Vulnerability ID:
V-260558
Description
Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157
Check
C-64287r953485_chk
Verify the "/etc/sudoers" file has no occurrences of "NOPASSWD" or "!authenticate" by using the following command: $ sudo grep -Ei '(nopasswd|!authenticate)' /etc/sudoers /etc/sudoers.d/* If any occurrences of "NOPASSWD" or "!authenticate" return from the command, this is a finding.
Fix
F-64195r953486_fix
Remove any occurrence of "NOPASSWD" or "!authenticate" found in "/etc/sudoers" file or files in the "/etc/sudoers.d" directory.